CVE-2025-46349 is a high-severity reflected Cross-Site Scripting (XSS) vulnerability affecting YesWiki, a PHP-based wiki system. The vulnerability exists in versions prior to 4.5.4 within the file upload form, where improper neutralization of user input during web page generation allows an attacker to inject malicious scripts. Specifically, an unauthenticated attacker can craft a specially crafted URL containing malicious JavaScript code. When a victim clicks this link, the injected script executes in the context of the victim's browser session with the YesWiki application. This can lead to arbitrary actions such as session hijacking, credential theft, or unauthorized operations performed on behalf of the victim. The vulnerability is classified under CWE-79, indicating improper input sanitization. The CVSS v3.1 base score is 7.6, reflecting a high impact due to the ease of remote exploitation (no privileges required), low attack complexity, and the potential for significant integrity impact. User interaction is required (the victim must click the malicious link), and the scope remains unchanged as the vulnerability affects only the vulnerable YesWiki instance. The vulnerability has been patched in YesWiki version 4.5.4, and no known exploits are currently reported in the wild. However, the presence of this vulnerability in publicly accessible wiki systems poses a risk of targeted phishing or social engineering attacks leveraging the reflected XSS to compromise users or escalate privileges within the affected environment.

For European organizations using YesWiki versions prior to 4.5.4, this vulnerability can lead to significant security risks. Reflected XSS can be exploited to steal session cookies, enabling attackers to impersonate legitimate users and potentially gain unauthorized access to sensitive wiki content or administrative functions. This threatens the confidentiality and integrity of organizational knowledge bases, which may contain proprietary or sensitive information. Additionally, attackers could leverage the vulnerability to perform actions on behalf of users, potentially altering or deleting critical documentation. The availability impact is low but not negligible if attackers use the vulnerability to inject scripts that disrupt normal operations. Given that YesWiki is often used for collaborative documentation, compromised instances could undermine trust and operational continuity. European organizations in sectors such as government, education, and research, which frequently use wiki platforms for knowledge sharing, may face increased risk. Furthermore, the vulnerability could be exploited in targeted spear-phishing campaigns, especially against organizations with less mature cybersecurity awareness or patch management processes.

1. Immediate upgrade of all YesWiki instances to version 4.5.4 or later to apply the official patch addressing this vulnerability. 2. Implement strict Content Security Policy (CSP) headers to restrict the execution of unauthorized scripts, mitigating the impact of potential XSS attacks. 3. Employ web application firewalls (WAFs) configured to detect and block reflected XSS payloads targeting the file upload form and other input vectors. 4. Conduct regular security training for users to recognize and avoid clicking suspicious links, reducing the risk of social engineering exploitation. 5. Review and harden input validation and output encoding practices in any custom plugins or extensions interacting with YesWiki to prevent similar vulnerabilities. 6. Monitor web server and application logs for unusual request patterns or repeated attempts to exploit XSS, enabling early detection of attack attempts. 7. For organizations with high-value data, consider implementing multi-factor authentication (MFA) to reduce the impact of session hijacking resulting from XSS exploitation.